NGINX fails to ask for PEM password on start

Build

  • Ubuntu 16
  • nginx version: nginx/1.10.0 (Ubuntu)

Problem
Amongst the common commands you will find online to start Nginx are:

Using a service
sudo systemctl restart nginx

Call the binary directly (assuming it located in /etc/init.d/) with start/stop/restart
/etc/init.d/nginx start

Even if you specify the configuration file using the -c option, it always throws an error.

However, it appears (for me) that neither of these options prompt a user for their PEM password if they have configured SSL or TLS certificates.

Solution
After a lot of digging you will find that calling the script directly without (start/stop/restart) prompts the user for the PEM password.
/etc/init.d/nginx

References
https://forum.nginx.org/read.php?2,262900,262900

Using iptables to Configure HTTP and HTTPS to redirect to Glassfish 4.1 Defaults

This guide can also be used if you are not using Glassfish 4.1 . In that situation you may want to know Glassfish’s default ports and what they are used for.

  • Port 8080 is for HTTP protocol
  • Port 8181 is for HTTPS protocol
  • Port 4848 is for the Admin Console

Now obviously you can see the problem here. By default when I user accesses a website using HTTP they are using port 80, 443 for HTTPS.

Also, you may potentially not want the admin console to be available at all, or at certain times. In that case you would want to have two version of this file. Ensure you use chmod so that it is executable by the right person/people and not by everyone.

Warning:
This does not allow you to, for example, redirect from ports using HTTP protocol to ones using HTTPS protocols. So in this situation for example, I cannot configure port 80 to redirect to 443 or 8181 because HTTP and HTTPS protocols are different.

This example file from Nabisoft illustrates what you would do.

#!/bin/bash

# ATTENTION: flush/delete all existing rules
iptables -F

################################################################
# set the default policy for each of the pre-defined chains
################################################################
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# allow establishment of connections initialised by my outgoing packets
iptables -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT

# accept anything on localhost
iptables -A INPUT -i lo -j ACCEPT

################################################################
#individual ports tcp
################################################################
iptables -A INPUT -p tcp –dport 80 -j ACCEPT
iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -A INPUT -p tcp –dport 8080 -j ACCEPT
iptables -A INPUT -p tcp –dport 8181 -j ACCEPT
iptables -A INPUT -p tcp –dport 443 -j ACCEPT
#uncomment next line to enable AdminGUI on port 4848:
iptables -A INPUT -p tcp –dport 4848 -j ACCEPT

################################################################
#slow down the amount of ssh connections by the same ip address:
#wait 60 seconds if 3 times failed to connect
################################################################
iptables -I INPUT -p tcp -i eth0 –dport 22 -m state –state NEW -m recent –name sshprobe –set -j ACCEPT
iptables -I INPUT -p tcp -i eth0 –dport 22 -m state –state NEW -m recent –name sshprobe –update –seconds 60 –hitcount 3 –rttl -j DROP

#drop everything else
iptables -A INPUT -j DROP

################################################################
#Redirection Rules
################################################################
#1. redirection rules (allowing forwarding from localhost)
iptables -t nat -A OUTPUT -o lo -p tcp –dport 80 -j REDIRECT –to-port 8080
iptables -t nat -A OUTPUT -o lo -p tcp –dport 443 -j REDIRECT –to-port 8181

#2. redirection http
iptables -t nat -A PREROUTING -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 8080
iptables -t nat -A PREROUTING -p tcp -m tcp –dport 8080 -j REDIRECT –to-ports 8181

#3. redirection https
iptables -t nat -A PREROUTING -p tcp -m tcp –dport 443 -j REDIRECT –to-ports 8181

################################################################
#save the rules somewhere and make sure
#our rules get loaded if the ubuntu server is restarted
################################################################
iptables-save > /etc/my-iptables.rules
iptables-restore < /etc/my-iptables.rules

#List Rules to see what we have now
iptables -L

MySQL access remote database through command line Linux

This guide assumes you already have mysql command line binaries installed. If you are lazy then you can install it in one line:
sudo apt-get install mysql-server

Now for the purpose of this article

mysql -u username -h my.application.com -ppassword

If your password is Ellis then the last parameter would look like -pEllis